RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability
Risk
High
Date Discovered
12-04-2003
Description
rsync has been reported prone to an undisclosed heap overflow vulnerability when running in daemon mode. The issue is reported to be remotely exploitable and to allow execution of arbitrary code.
Platforms Affected
Caldera OpenLinux 2.3
Caldera OpenLinux 3.1 -IA64
Caldera OpenLinux eBuilder 3.0
Caldera OpenLinux Server 3.1
Caldera OpenLinux Workstation 3.1
Conectiva Linux ecommerce
Conectiva Linux graficas
Conectiva Linux 5.0
Conectiva Linux 5.1
Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
Conectiva Linux 9.0
Debian Linux 3.0 alpha
Debian Linux 3.0 arm
Debian Linux 3.0 hppa
Debian Linux 3.0 ia-32
Debian Linux 3.0 ia-64
Debian Linux 3.0 m68k
Debian Linux 3.0 mips
Debian Linux 3.0 mipsel
Debian Linux 3.0 ppc
Debian Linux 3.0 s/390
Debian Linux 3.0 sparc
EnGarde Secure Linux 1.0.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.5
HP Secure OS software for Linux 1.0
Immunix Immunix OS 7+
Immunix Immunix OS 7.3
MandrakeSoft Corporate Server 1.0.1
MandrakeSoft Corporate Server 2.1
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Linux Mandrake 7.1
MandrakeSoft Linux Mandrake 7.2
MandrakeSoft Linux Mandrake 8.0
MandrakeSoft Linux Mandrake 8.0 ppc
MandrakeSoft Linux Mandrake 8.1
MandrakeSoft Linux Mandrake 8.1 ia64
MandrakeSoft Linux Mandrake 9.0
MandrakeSoft Linux Mandrake 9.1
MandrakeSoft Linux Mandrake 9.1 ppc
MandrakeSoft Linux Mandrake 9.2
MandrakeSoft Multi Network Firewall 8.2
MandrakeSoft Single Network Firewall 7.2
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.3
OpenBSD OpenBSD 3.4
OpenPKG OpenPKG Current
OpenPKG OpenPKG 1.2
OpenPKG OpenPKG 1.3
RedHat Fedora Core1
RedHat Linux 6.2 alpha
RedHat Linux 6.2 i386
RedHat Linux 6.2 sparc
RedHat Linux 7.0 alpha
RedHat Linux 7.0 i386
RedHat Linux 7.1 alpha
RedHat Linux 7.1 i386
RedHat Linux 7.1 ia64
RedHat Linux 7.2 i386
RedHat Linux 7.2 ia64
RedHat Linux 7.3 i386
RedHat Linux 8.0 i386
RedHat Linux 9.0 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 8.0
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.2
S.u.S.E. Linux 9.0
SCO eDesktop 2.4
SCO eServer 2.3.1
Trustix Secure Linux 1.0 1
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Trustix Secure Linux 1.5
Components Affected
EnGarde Secure Community 1.0.1
EnGarde Secure Community 2.0
EnGarde Secure Professional 1.1
EnGarde Secure Professional 1.2
EnGarde Secure Professional 1.5
RedHat rsync-2.4.6-2.i386.rpm
RedHat rsync-2.4.6-5.i386.rpm
RedHat rsync-2.4.6-5.ia64.rpm
RedHat rsync-2.5.4-2.i386.rpm
RedHat rsync-2.5.5-1.i386.rpm
RedHat rsync-2.5.5-4.i386.rpm
rsync rsync 2.3.1
rsync rsync 2.3.2
rsync rsync 2.4.0
rsync rsync 2.4.1
rsync rsync 2.4.3
rsync rsync 2.4.4
rsync rsync 2.4.5
rsync rsync 2.4.6
rsync rsync 2.4.8
rsync rsync 2.5.0
rsync rsync 2.5.1
rsync rsync 2.5.2
rsync rsync 2.5.3
rsync rsync 2.5.4
rsync rsync 2.5.5
rsync rsync 2.5.6
Slackware Linux -current
Slackware Linux 8.1
Slackware Linux 9.0
Slackware Linux 9.1
Recommendations
Block external access at the network boundary, unless service is required by external parties. If applicable, filter access to the affected service at the network perimeter. Allow access for trusted hosts and networks only.
Deploy network intrusion detection systems to monitor network traffic for malicious activity. Deploy network and host-based intrusion detection systems. Flag suspicious network/host activity to TCP port 873. Be especially vigilant in log file audits.
Run all server processes as non-privileged users with minimal access rights. Running the daemon with the least privileges possible in a chroot, jailed or otherwise restricted environment may help mitigate the impact of successful exploitation of this issue.
Implement multiple redundant layers of security. An attacker's ability to exploit this vulnerability to execute arbitrary code may be hindered through the use of various memory protection schemes. Where possible, implement the use of non-executable and randomly mapped memory segments.
Modify default configuration files to disable any unwanted behaviour. Using the option "use chroot = yes" in the rsyncd.conf configuration file may help increase the complexity of exploiting this issue.
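The configuration recommendations above (trusted hosts only, a non-privileged user, "use chroot = yes") can be checked per module with a short audit of rsyncd.conf. This is an added example, not part of the original advisory; the sample configuration, module names and paths are constructed, and requiring each setting to be stated explicitly is a policy assumed by the example.

```python
import re

TRUE_VALUES = {"yes", "true", "1"}
# Constructed sample rsyncd.conf; module names and paths are made up.
SAMPLE_CONF = """\
uid = nobody
use chroot = yes

[mirror]
path = /srv/mirror
hosts allow = 192.0.2.0/24

[backup]
path = /srv/backup
use chroot = no
uid = root
"""

def parse_rsyncd_conf(text):
    """Return (globals, {module: params}) from rsyncd.conf-style text."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == "#":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            target = globals_ if current is None else current
            target[" ".join(key.lower().split())] = value
    return globals_, modules

def audit(text):
    """List (module, finding) pairs; assumed policy: settings must be explicit."""
    globals_, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        eff = {**globals_, **params}  # module values override globals
        if eff.get("use chroot", "").lower() not in TRUE_VALUES:
            findings.append((name, "use chroot is not enabled"))
        if eff.get("uid", "").lower() in {"", "root", "0"}:
            findings.append((name, "uid is unset or root"))
        if "hosts allow" not in eff:
            findings.append((name, "no hosts allow restriction"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

On the constructed sample, the [mirror] module passes and the [backup] module is flagged on all three checks.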
Immunix has released an advisory and fixes to address this issue.
Mandrake has released an advisory that includes fixes to address this issue.
Red Hat Linux has released an advisory (FEDORA-2003-030) and fixes to address this issue in Fedora Core 1. Affected users are advised to apply appropriate fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Red Hat Linux has released an advisory (RHSA-2003:399-06) to address this issue in Enterprise systems. Affected customers are advised to apply appropriate fixes from the Red Hat Network as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Red Hat Linux has released an advisory (RHSA-2003:398-01) and fixes to address this issue. Affected users are advised to apply appropriate fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Gentoo Linux has released an advisory (200312-03) to address this issue. Gentoo has advised that users upgrade to version 2.5.7 of rsync. Users can accomplish this by typing: emerge sync; emerge '>=net-misc/rsync-2.5.7'
EnGarde has released an advisory (ESA-20031204-032) with fixes to address this issue. Guardian Digital Secure Network subscribers may update affected packages using the WebTool. See referenced advisory for additional details.
Slackware has released Slackware Linux Security Advisory SSA:2003-337-01 with fixes to address this issue.
Advisory OpenPKG-SA-2003.051 has been released by The OpenPKG Project to address this issue.
Debian has released advisory DSA 404-1 to address this issue.
Trustix advisory #2003-0048 has been released with fixes for this issue. See references for additional details.
SuSE Security Announcement SuSE-SA:2003:050 has been released with fixes for this issue.
Conectiva has released an advisory and fixes to address this issue.
OpenBSD has made a fixed version available.
TurboLinux has released a security advisory to address this issue. Affected users are advised to execute the following commands:
# turbopkg
OR
For zabom-1.x
# zabom update rsync
For zabom-2.x
# zabom -u rsync
Additional TurboLinux information is available in the referenced advisory.
rsync version 2.5.7 has been released to resolve these issues.
EnGarde Secure Community 1.0.1:
EnGarde Secure Community 2.0:
EnGarde Secure Professional 1.1:
EnGarde Secure Professional 1.2:
EnGarde Secure Professional 1.5:
RedHat rsync-2.4.6-2.i386.rpm :
RedHat Upgrade rsync-2.5.7-0.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/rsync-2.5.7-0.7.i386.rpm
RedHat rsync-2.4.6-5.i386.rpm :
RedHat Upgrade rsync-2.5.7-0.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/rsync-2.5.7-0.7.i386.rpm
RedHat rsync-2.4.6-5.ia64.rpm :
RedHat Upgrade rsync-2.5.7-0.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/rsync-2.5.7-0.7.ia64.rpm
RedHat rsync-2.5.4-2.i386.rpm :
RedHat Upgrade rsync-2.5.7-0.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/rsync-2.5.7-0.7.i386.rpm
RedHat rsync-2.5.5-1.i386.rpm :
RedHat Upgrade rsync-2.5.7-0.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/rsync-2.5.7-0.8.i386.rpm
RedHat rsync-2.5.5-4.i386.rpm :
RedHat Upgrade rsync-2.5.7-0.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/rsync-2.5.7-0.9.i386.rpm
rsync rsync 2.3.1:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.3.2:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.4.0:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.4.1:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.4.3:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.4.4:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.4.5:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.4.6:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync Upgrade rsync-2.5.7-5U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/rsync-2.5.7-5U80_1cl.i386.rpm
rsync Upgrade rsync-2.4.6-499.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/rsync-2.4.6-499.i386.rpm
rsync Upgrade rsync-2.4.6-499.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/rsync-2.4.6-499.i386.rpm
rsync Upgrade rsync-2.4.6-190.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/rsync-2.4.6-190.sparc.rpm
rsync Upgrade rsync-2.4.6-309.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/rsync-2.4.6-309.ppc.rpm
rsync rsync 2.4.8:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.5.0:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.5.1:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.5.2:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync Upgrade rsync-2.5.2-2_imnx_1.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/rsync-2.5.2-2_imnx_1.i386.rpm
rsync rsync 2.5.3:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync rsync 2.5.4:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync Upgrade rsync-2.5.4-2.1.M82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
rsync Upgrade rsync-2.5.4-2_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/rsync-2.5.4-2_imnx_2.i386.rpm
rsync rsync 2.5.5:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync Upgrade rsync-2.5.7-13508U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/rsync-2.5.7-13508U90_1cl.i386.rpm
rsync Upgrade rsync_2.5.5-0.2_alpha.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_alpha.deb
rsync Upgrade rsync_2.5.5-0.2_arm.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_arm.deb
rsync Upgrade rsync_2.5.5-0.2_i386.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_i386.deb
rsync Upgrade rsync_2.5.5-0.2_ia64.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_ia64.deb
rsync Upgrade rsync_2.5.5-0.2_hppa.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_hppa.deb
rsync Upgrade rsync_2.5.5-0.2_m68k.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_m68k.deb
rsync Upgrade rsync_2.5.5-0.2_mips.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mips.deb
rsync Upgrade rsync_2.5.5-0.2_mipsel.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mipsel.deb
rsync Upgrade rsync_2.5.5-0.2_powerpc.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_powerpc.deb
rsync Upgrade rsync_2.5.5-0.2_sparc.deb
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_sparc.deb
rsync Upgrade rsync-2.5.5-258.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/rsync-2.5.5-258.i586.rpm
rsync Upgrade rsync-2.5.5-5.1.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
rsync Upgrade rsync-2.5.5-5.1.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
rsync Upgrade rsync-2.5.5-5.1.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
rsync rsync 2.5.6:
rsync Upgrade rsync-2.5.7.tar.gz
http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz
rsync Upgrade rsync-2.5.7-2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/rsync-2.5.7-2.i386.rpm
rsync Upgrade rsync-2.5.6-1.3.1.src.rpm
ftp://ftp.openpkg.org/release/1.3/UPD/rsync-2.5.6-1.3.1.src.rpm
rsync Upgrade rsync-2.5.6-193.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/rsync-2.5.6-193.i586.rpm
rsync Upgrade rsync-2.5.6-193.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/rsync-2.5.6-193.i586.rpm
rsync Upgrade rsync-2.5.7-0.1.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
rsync Upgrade rsync-2.5.7-0.1.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
rsync Upgrade rsync-2.5.7-0.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
rsync Upgrade rsync-2.5.7.tgz
ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/rsync-2.5.7.tgz
Slackware Linux -current:
Slackware Upgrade rsync-2.5.7-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/rsync-2.5.7-i486-1.tgz
Slackware Linux 8.1:
Slackware Upgrade rsync-2.5.7-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/rsync-2.5.7-i386-1.tgz
Slackware Linux 9.0:
Slackware Upgrade rsync-2.5.7-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/rsync-2.5.7-i386-1.tgz
Slackware Linux 9.1:
Slackware Upgrade rsync-2.5.7-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/rsync-2.5.7-i486-1.tgz
References
Source: Trustix 2003-0048 rsync
URL: http://online.securityfocus.com/advisories/6139
Source: TurboLinux 2003-12-06 Turbolinux Security Announcement 06/Dec/2003
URL: http://online.securityfocus.com/advisories/6147
Source: Gentoo 200312-03 exploitable heap overflow in rsync
URL: http://online.securityfocus.com/advisories/6142
Source: Conectiva CLA-2003:794 rsync
URL: http://online.securityfocus.com/advisories/6144
Source: Debian DSA 404-1 rsync
URL: http://online.securityfocus.com/advisories/6137
Source: EnGarde ESA-20031204-032 rsync
URL: http://online.securityfocus.com/advisories/6141
Source: Immunix IMNX-2003-73-001-01 rsync
URL: http://online.securityfocus.com/advisories/6150
Source: Mandrake MDKSA-2003:111 rsync
URL: http://online.securityfocus.com/advisories/6146
Source: OpenPKG OpenPKG-SA-2003.051 rsync
URL: http://online.securityfocus.com/advisories/6136
Source: RedHat RHSA-2003:398-01 New rsync packages fix remote security vulnerability
URL: http://online.securityfocus.com/advisories/6145
Source: Slackware SSA:2003-337-01 rsync security update
URL: http://online.securityfocus.com/advisories/6135
Source: SuSE SuSE-SA:2003:050 rsync
URL: http://online.securityfocus.com/advisories/6140
Source: rsync security advisory (fwd)
URL: http://www.securityfocus.com/archive/1/346461
Source: FEDORA-2003-030 - rsync
URL: http://www.redhat.com/archives/fedora-announce-list/2003-December/msg00002.html
Source: RHSA-2003:399-06 - New rsync packages fix remote security vulnerability
URL: http://rhn.redhat.com/errata/RHSA-2003-399.html
Credits
Discovery credited to Timo Sirainen, Mike Warfield, Paul Russell, and Andrea Barisani.
Copyright (c) 2003 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from symsecurity@symantec.com.
Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and SymSecurity are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.